Certified Information Security Manager (CISM) — Question 72

Which of the following is the MOST important objective of testing a security incident response plan?

Answer options

• A. Ensure the thoroughness of the response plan.
• B. Verify the response assumptions are valid.
• C. Confirm that systems are recovered in the proper order.
• D. Validate the business impact analysis (BIA).

Correct answer: B

Explanation

The most critical objective of testing a security incident response plan is to verify that the assumptions made during the planning phase are accurate, ensuring that the response will be effective in real situations. While thoroughness, recovery order, and business impact analysis are significant, they are secondary to confirming the validity of the response assumptions.